Secure data destruction in a distributed environment using key protection mechanisms

ABSTRACT

Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. If the keys used to encrypt the data have not been exposed during serialization operation, they may be deleted or destroyed enabling the destruction of data encrypted with the keys.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.14/981,804, filed Dec. 28, 2015, entitled “SECURE DATA DESTRUCTION IN ADISTRIBUTED ENVIRONMENT USING KEY PROTECTION MECHANISMS,” which is acontinuation of U.S. patent application Ser. No. 14/078,360, filed Nov.12, 2013, now U.S. Pat. No. 9,231,923, entitled “SECURE DATA DESTRUCTIONIN A DISTRIBUTED ENVIRONMENT USING KEY PROTECTION MECHANISMS,” thedisclosures of which are hereby incorporated herein in their entirety.This application also incorporates by reference for all purposes thefull disclosure of co-pending U.S. patent application Ser. No.14/078,336, filed Nov. 12, 2013, entitled “PREVENTING PERSISTENT STORAGEOF CRYPTOGRAPHIC INFORMATION” and U.S. patent application Ser. No.14/078,351, filed Nov. 12, 2013, now U.S. Pat. No. 9,235,714, entitled“PREVENTING PERSISTENT STORAGE OF CRYPTOGRAPHIC INFORMATION USINGSIGNALING.”

BACKGROUND

The security of computing resources and associated data is of highimportance in many contexts. As an example, organizations often utilizenetworks of computing devices to provide a robust set of services totheir users. Networks often span multiple geographic boundaries andoften connect with other networks. An organization, for example, maysupport its operations using both internal networks of computingresources and computing resources managed by others. Computers of theorganization, for instance, may communicate with computers of otherorganizations to access and/or provide data while using services ofanother organization. In many instances, organizations configure andoperate remote networks using hardware managed by other organizations,thereby reducing infrastructure costs and achieving other advantages.With such configurations of computing resources, ensuring that access tothe resources and the data they hold is secure can be challenging,especially as the size and complexity of such configurations grow.

In this type of distributed computing resource environment, a variety ofoperations such as serialization, may expose sensitive information torisks during storage and transmission over networks. Customers of theservice provider may execute computer system instances on hardware ofthe service provider and these instances may contain sensitiveinformation. Serialization of instances may jeopardize the sensitiveinformation contained in the instance, by causing the information to bestored persistently. These types of risks can create difficulties inmanaging secret information of a customer that is contained ininstances.

BRIEF DESCRIPTION OF THE DRAWINGS

Various embodiments in accordance with the present disclosure will bedescribed with reference to the drawings, in which:

FIG. 1 shows a diagram illustrating various aspects of the presentdisclosure;

FIG. 2 shows a diagram illustrating various aspects of the presentdisclosure;

FIG. 3 shows an illustrative example of a device with which variousembodiments can be practiced;

FIG. 4 shows an illustrative example of a device with which variousembodiments can be practiced;

FIG. 5 shows a diagram illustrating various aspects of the presentdisclosure;

FIG. 6 shows an illustrative example of a process for processing arequest in accordance with at least one embodiment;

FIG. 7 shows an illustrative example of a process for processing arequest in accordance with at least one embodiment;

FIG. 8 shows an illustrative example of a process for processing arequest in accordance with at least one embodiment;

FIG. 9 shows an illustrative example of a process for processing arequest in accordance with at least one embodiment;

FIG. 10 shows an illustrative example of a process for processing arequest in accordance with at least one embodiment; and

FIG. 11 illustrates an environment in which various embodiments can beimplemented.

DETAILED DESCRIPTION

In the following description, various embodiments will be described. Forpurposes of explanation, specific configurations and details are setforth in order to provide a thorough understanding of the embodiments.However, it will also be apparent to one skilled in the art that theembodiments may be practiced without the specific details. Furthermore,well-known features may be omitted or simplified in order not to obscurethe embodiment being described.

Techniques described and suggested herein relate to enhancements fordata security in a manner that reduces risks associated with datatransmission and/or storage. In various embodiments, plaintextcryptographic keys (also referred to simply as keys) are prevented frombeing written to persistent memory when various actions are performed onresources provided by a computing resource service provider (hereinafterservice provider). Users of a service provider (and users of distributedsystems, in general) may have large amounts of distributed data (e.g.,data stored in more than one location over a network or severalinterconnected computers) which may make deleting this data difficult.Generally for the purpose of efficiency and security, it may bedesirable to encrypt this data with one or more keys. Then once the datais to be deleted, the user may simply destroy the keying material.Destroying the keying material for encrypted data may be equivalent todestroying the data itself, since encrypted data is indecipherablewithout the corresponding keying material.

In various embodiments, the data described above may be generated,managed or stored using virtual machine instances (also referred to asinstances). These instances may be executed using resources operated bythe service provider. Techniques described herein are also applicable tophysical computer systems, such as desktop computers. Aspects of thepresent disclosure may be used to protect the keys of various othercomputer systems that may have keying material exposed due toserialization or transmission over a network. These computer systems mayhave plaintext representations of various keys used to encrypt data forstorage or other operations that may require data protection. In orderto preserve the user's ability to delete the keying material and othersensitive data, thereby ensuring destruction of the data, plaintextrepresentations of the keying material used by the virtual machineinstances must not be written to persistent storage. Through ahypervisor, the user may indicate keying material or other sensitiveinformation to be deleted and the hypervisor may selectively delete thekeying material or other sensitive information directly. Preventingpersistent storage of keys may also help ensure the user's datasecurity. Various serialization events may occur during the operation ofthe instances that may lead to writing keys to storage or transmissionof keying material. Generally, serialization may include the translationof one or more data structures of a computer system into a formatsuitable for persistent data storage. A command to execute serializationmay be generated automatically such as when performing periodicsnapshots, or a command may be generated explicitly such as by aninstance requesting suspension.

In various embodiments, users of the service provider may operate one ormore computer systems. The computer systems may incorporate resources orservices of the service provider to perform various operations. Theusers may employ one or more cryptographic keys in order to keepinformation secret and may not wish to expose the keys to the serviceprovider or any other third party, thereby exposing the user's secretinformation. Various techniques may be used to ensure the information iskept secret. For instance, the user's computer system may registerfunction calls with the service provider, the function call may operateto ensure plaintext copies of the keys are not written to persistentstorage or transmitted over a network and copies of the keys arerestored to the computer system when required. A first function may beregistered to delete copies of the keys from computer system memorybefore it is serialized and a second function may be registered torestore copies of the keys to the computer system memory when thecomputer system is deserialized. Various signaling methods may be usedto signal to the computer system that a serialization event will occurand allow the computer system to take the necessary steps to protect anycryptographic keys that may be contained in memory.

In various other embodiments, the computer system or a system of theservice provider, may designate a particular area of memory for keystorage and ensure the memory area is not serialized during one or moreserialization operations. Furthermore, a signaling method may be used toindicate to the computer system that a serialization event will occur,and a time out period may be used to allow the computer system time toensure that no plaintext representations of the keys are outside thedesignated memory area. The service provider may also encrypt thedesignated area of memory before one or more serialization operations ofthe particular serialization event occurs in order to ensure that secretinformation is not exposed. In order to ensure that keying material isnot exposed to the service provider or another party, various securitymodules may be used, such as a Trusted Platform Module (TPM) or HardwareSecurity Module (HSM). These types of cryptographic key managementdevices may generate keying material for the computer systems andrestore the keying material during deserialization. The security modulesmay be operated by the user or the service provider and may bevirtualized in various embodiments. The service provider may alsomaintain an audit log in order to track actions performed and ensurethat serialized data lacks any plaintext representations of keys used byinstances.

FIG. 1 is an illustrative example of an environment 100 illustratingvarious aspects of the present disclosure. As noted above, techniquesdescribed herein are applicable to ensuring data destruction and datasecurity using cryptographic keys. Accordingly, FIG. 1 shows a computersystem instance 102 with one or more cryptographic keys stored in memoryof the instance. The computer system instance may be managed by ahypervisor (also referred to as a virtual machine manager or virtualmachine monitor), with the hypervisor operated by the service provider.At some point in time during the operation of the computer systeminstance a serialization event 104 may be detected. In various otherembodiments, the hypervisor or some other service of the serviceprovider may determine that a serialization event will occur. Theserialization event 104 may be, for example, a snapshot of the computersystem. Snapshots may be performed at periodic intervals (e.g. asperiodic backups), the keys may be removed from instance memory prior tothe snapshot and restored after the snapshot operation is complete, soas to prevent serialization of the keys. The serialization event 104 maycause instance data 110 to be written persistently to storage 108. Atsome point in time before serialization event 104, one or more varioustechniques may be used to ensure that the one or more cryptographic keysstored in memory of instance 102 are not included in instance data 110when it is written to storage 108.

A hypervisor managing the instance 102, in various embodiments, exposesone or more functions to the instance 102 in order to enable instance102 to delete cryptographic material before instance data is serialized.The hypervisor may call one or more functions before serializing thedata. Furthermore, the hypervisor may wait for a response from theinstance 102 indicating that the keys have been deleted beforeproceeding with serialization. A timeout period (also referred to as agrace period), for the response from the instance 102 may be set suchthat at the end of the timeout period the instance is serialized even ifno response has been received. The keys of the instance 102 may also beencrypted in order to protect secret information during serialization.The keys may be encrypted by the hypervisor during serialization, theinstance before serialization or some other suitable system of theservice provider. The hypervisor may also communicate with the instance102 and establish an area of memory which the hypervisor will notserialize during serialization of the instance 102.

At some point in time after the serialization event 104 is completed,the computer system instance may be deserialized using instance data 110retrieved from storage 108. Using the example above, at some point intime after the snapshot is created the computer system instance may belaunched using the created snapshot. The instance data 110 may notcontain the one or more cryptographic keys contained in memory ofinstance 102 and in order for the instance 106 to function as it didbefore the serialization event 104, the keys must be restored. Theinstance 106 may be responsible for restoring the one or morecryptographic keys, or the hypervisor may replace the keys beforelaunching the instance 106. In various embodiments, a security modulemay be used to manage the one or more keys of the instance. For example,the HSM or TPM may be used to restore keys when the instance 106 islaunched. For example, once all the instance data 110 is retrieved fromstorage 108 and loaded into memory, the hypervisor may transmit arequest to an HSM to restore the keys of the instance 106.

FIG. 2 is an illustrative example of an environment 200 illustrating,various aspects of the present disclosure. Accordingly, FIG. 2 showscomputer systems (also referred to as a physical host) 202 and 218, maybe a physical host or other suitable computing device located in one ormore data centers. Computer system 202 may be in a distinct geographiclocation from computer system 218. For example, computer system 202 maybe in a different legal jurisdiction from computer system 218. Physicalhosts 202 and 218 may each operate multiple virtual machines 204 and216, although for clarity only one is shown. The physical hosts 202 and218 may manage the virtual machine with hypervisors 206 or 222. Thehypervisors 206 and 222 may control the guest operating systems (alsoreferred to as a guest computer system) 208 and 220 interactions withthe hardware of the physical host 202 and 218. The physical hosts 202and 218 may be connected to a server 212 over a network 210. The servermay contain one or more storage devices 214 (for clarity only one isshown) that may be used in various embodiments of the presentdisclosure, for serializing data corresponding to the guest operatingsystems 208 and 220.

During serialization operations, cryptographic keys of the guestoperating systems 208 and 220 may be written persistently to storagedevice 214 and transmitted over network 210. To ensure protection of thecryptographic keys, various techniques described above may be used. Forexample, the hypervisor 206 may signal to the guest operating system 208that serialization of data corresponding to the guest operating systemwill occur. The guest operating system 208 may then perform one or moreoperations to protect cryptographic keys contained in the guestoperating system. The one or more operations may include deleting thecryptographic keys or encrypting cryptographic keys with a separate key.In various embodiments, the hypervisor 206 does not signal the guestoperating system 208. For example, at some point during execution of theguest operating system 208, the hypervisor 206 and the guest operatingsystem 208 may coordinate a particular area of memory which will beexcluded from serialization during any serialization events. Theparticular area of memory may be virtual memory addressed by the virtualmachine instance or physical memory of the underlying hardware executingthe virtual machine instance.

FIG. 3 is an illustrative, simplified block diagram of an example device300 that may be used to practice at least one embodiment of the presentdisclosure. In various embodiments, the device 300 may be used toimplement any of the systems illustrated herein and described above,such as the physical hosts described above in connection to FIG. 2. Forexample, the system 300 may be used to execute virtual machineinstances, monitor the instances, manage the instance and perform one ormore serialization operations. For example, the device 300 may execute avirtual machine instance 302 for a customer and enable the virtualmachine to protect secret information during serialization. Althoughonly one virtual machine is shown in FIG. 3 for clarity, the system mayexecute multiple virtual machines for one or more customers. As shown inFIG. 3, the device 300 may include system hardware 314, the systemhardware includes one or more central processing units 316 (alsoreferred to as a processor for simplicity) that may be communicativelycoupled to a number of subsystems, such as the memory subsystem 318, anddevices 326. Devices may be input/output devices, optical devices,networking devices or other suitable devices.

The memory subsystem 318 may provide a computer-readable storage mediumfor storing data that may provide the functionality of at least oneembodiment of the present disclosure. The data stored in the memorysubsystem (programs, code modules, instructions) that, when executed byone or more processors, may provide the functionality of one or moreembodiments of the present disclosure, may be stored in the memorysubsystem 318. These application modules or instructions may be executedby the one or more processors 316. The memory subsystem 318 mayadditionally provide storage for serialized data, that serialized datamay be generated by a virtual machine 302. The memory subsystem 318 maycomprise a disk storage subsystem 320. The disk 320 may be used to storedata generated by the virtual machine 302, such as a serialized image ofthe virtual machine or information contained in the virtual disk 310 ofthe virtual machine 302. An image may be used to instantiate one or morecomputer systems. The memory subsystem 318 may include a number ofmemories including Random Access Memory (RAM) 324 and Read-Only Memory(ROM) 322.

The device 300 may further include a kernel 328. The kernel may managerequests from software, such as a hypervisor 306 and translate therequests into data instructions for the central processing unit 316 andmemory subsystem 318. The hypervisor 306 may manage requests from thevirtual machine 302 and control virtual machine access to the underlyinghardware. The hypervisor may also signal the virtual machine, using oneor more interrupts 332, according to various aspects of the presentdisclosure. The interrupts 332 may be used to transmit signals to thevirtual machine 302. The interrupts may be used indicate a variety ofinformation such as information corresponding to the functions which thehypervisor exposes to the virtual machine 302. The functions may furtherenable the hypervisor to coordinate with the virtual machine instanceand prevent storage of the plaintext representation of the keys. Thevirtual machine 302 may register the exposed functions with thehypervisor 306, registering the functions may include providinginformation on when to call the functions and conditions for calling thefunctions and continuing execution of the virtual machine instance if afunction fails. This information may be stored in metadata correspondingto the virtual machine instance 302, the metadata of the virtual machineinstance may be stored in the memory subsystem 318.

The hypervisor may also include one or more hardware emulators 330 andinterrupts 332, the hardware emulators may provide virtualized hardwareto the virtual machine. In various embodiments, hardware emulator 330 isused to signal the virtual machine that a serialization event willoccur. For example, the hypervisor 306 may use the hardware emulator 330to create a virtual device driver and signal the virtual machine 302using the device driver. The hypervisor 306 may be a bare metalhypervisor as shown in FIG. 3 or a hosted hypervisor running as anapplication within a client operating system. The interrupts 332 may beused in signaling the guest operating system 308.

As described above, the hypervisor 306 manages the virtual machine 302.The virtual machine 302 contains virtualized hardware 304, thevirtualized hardware includes one or more virtual central processingunits 312, virtual memories 342 and virtual disks 310. The virtualmachine also executes a guest operating system 308 with one or moreapplications 334. The virtual machine 302 may also contain one or morecryptographic keys 336 for use by the guest operating system 308 inprotecting secret information. The virtual machine may have access tothe keys 336 stored in memory and other keys stored in a security module(not shown in FIG. 3) or some other secure location. The keys 336 may bestored in an ephemeral key area that is guaranteed by one or moresystems of the service provider, not to be written to persistentstorage. The keys 336 may be stored in contiguous or non-contiguousareas of memory. The area(s) of memory may be protected by the guestoperating system 308, where the guest operating system may limit orprevent access to those memory area(s) which contain plaintextrepresentations of cryptographic keys using a trap or other similarmechanism to control access to the memory areas. For example, access tothe keys 336 by applications 334 may be limited by the guest operatingsystem 308. The guest operating system may intervene when an applicationrequests read access to the keys and block the requested access. Theguest operating system 308 may allow encryption or decryption using thekeys. The particular areas of memory that contain encryption keys may beexcluded from serialization. The particular memory areas which containthe keys 336, may be determined by the guest operating system 308 or thehypervisor 306. The hypervisor 306 or some other service responsible forserializing the virtual machine 302 may exclude the ephemeral key areaor keys 336 from serialized data during a serialization event.

FIG. 4 is an illustrative, simplified block diagram of an example device400 that may be used to practice at least one embodiment of the presentdisclosure. In various embodiments, the device 400 may be used toimplement a variety of the systems illustrated herein, such as thehardware security module described below in connection to FIG. 5. Forexample, the system 400 may be used to manage cryptographic keys, suchas restoring key state after an instance is resumed or providing amaster key for encrypting instance data. As shown in FIG. 4, the device400 may include one or more processors 402 that may be configured tocommunicate with and are operatively coupled to a number of peripheralsubsystems via a bus subsystem 404. These peripheral subsystems mayinclude a storage subsystem 406, comprising a memory subsystem 408 and afile storage subsystem 410, one or more input devices 412, one or moreoutput devices 414, a network interface 416, a security module 424,comprising a memory subsystem 430 and one or more cryptographicprocessors 432.

The bus subsystem 404 may provide a mechanism for enabling the variouscomponents and subsystems of system 400 to communicate with each otheras intended. Although the bus subsystem 404 is shown schematically as asingle bus, alternative embodiments of the bus subsystem may utilizemultiple busses.

The network interface 416 may provide an interface to other systems andnetworks. The network interface 416 may serve as an interface forreceiving and transmitting data to and from other systems from system400. For example, the network interface 416 may allow the securitymodule to communicate with various components of device 300 describedabove, such as the hypervisor 306 or the guest operating system 308, inorder to retrieve one or more keys for use with the virtual machineinstance. For example, as will be illustrated in FIG. 5, the hypervisormay request the one or more keys of the guest operating system to berestored when the instance is deserialized. Additionally, the guestoperating system may submit a request to the security module to havecopies of cryptographic keys restored. The network interface 416 mayalso facilitate the receipt and/or transmission of data on othernetworks, such as an organizations intranet.

The input devices 412 may include one or more buttons, a keyboard,pointing devices such as an integrated mouse, trackball, touchpad, orgraphics tablet, a scanner, a barcode scanner, a fingerprint scanner, aretinal scanner, a touch screen incorporated into the display, audioinput devices such as voice recognition systems, microphones and othertypes of input devices. In general, use of the term input device isintended to include all possible types of devices and mechanisms forinputting information to the system 400.

The output devices 414 may include a display subsystem, a printer ornon-visual displays such as audio output devices, etc. The displaysubsystem may be a Cathode Ray Tube (CRT), a flat-panel device such as aLiquid Crystal Display (LCD), Light Emitting Diode (LED) display or aprojection or other display device. In general, use of the term outputdevice is intended to include all possible types of devices andmechanisms for outputting information from the system 400. The outputdevices 414 may be used, for example, to present user interfaces tofacilitate user interaction with applications performing processesdescribed herein and variations therein, when such interaction may beappropriate.

The storage subsystem 406 may provide a computer-readable storage mediumfor storing the basic programming and data constructs that may providethe functionality of at least one embodiment of the present disclosure.The applications (programs, code modules, instructions) that, whenexecuted by one or more processors, may provide the functionality of oneor more embodiments of the present disclosure and may be stored in thestorage subsystem 406. These application modules or instructions may beexecuted by the one or more processors 402. The storage subsystem 406may additionally provide a repository for storing data used inaccordance with the present disclosure. The storage subsystem 406 maycomprise of a memory subsystem 408 and a file/disk storage subsystem410.

The memory subsystem 408 may include a number of memories including amain RAM 418 for storage of instructions and data during programexecution and a ROM 420 in which fixed instructions may be stored. Thefile storage subsystem 410 may provide a non-transitory persistent(non-volatile) storage for program and data files, and may include ahard disk drive, a floppy disk drive along with associated removablemedia, a Compact Disk Read-Only Memory (CD-ROM) drive, an optical drive,removable media cartridges and other like storage media.

The security module 424 includes a memory subsystem 430, including amain RAM 428 for storage of instructions and data during programexecution and a ROM 426 in which fixed cryptographic information orprogram instructions may be stored, such as a root key or user privatekey. The device 400 may also store keys in RAM 428 for temporarycryptographic processing. The cryptographic information stored in thememory subsystem 430 or the one or more cryptographic processors 432 maybe used to generate cryptographic keys for use with one or more virtualmachines. The one or more cryptographic processors may be used toaccelerate cryptographic processing in the device and may include arandom number generator, RSA key generator, SHA-1 hash generator and anencryption-decryption-signature engine. User credentials of a virtualmachine or guest operating system may be stored temporarily in thememory subsystem 430 for use in authentication with the service providerand/or restoring cryptographic keys. The security module may maintainkey information for the one or more virtual machines, such that if thekeys are deleted or encrypted during serialization the key may berestored.

FIG. 5 is an illustrative example of an environment 500 illustratingvarious aspects of the present disclosure. Accordingly, FIG. 5 shows aclient 502 communicating with one or more virtual machine instances 506over a network 504, such as the internet. The virtual machine instances506 may be offered as a service of the service provider and the customermay manage various aspects of the virtual machines through a managementconsole operated by the service provider. The management consoleprovides the customer with an interface to manage resources and servicesprovided by the service provider, such as virtual machine instances. Forexample, a customer through the management console may communicatedirectly with a hypervisor and instantiate a virtual machine instance.The virtual machine instances 506 may be connected to various systems toenable protection of cryptographic keys in accordance with the presentdisclosure. A key protection system 510 may include a hardware securitymodule 508, a log 514 and a storage device 512. The log 514 may be usedto create an audit log to ensure that the cryptographic keys of thevirtual machines have not been exposed.

During operation of the virtual machine instances 506, a serializationevent may be detected and one or more operations may be performed toprevent plaintext representations of keys contained in the virtualmachines from being stored persistently. For example, as described abovein connection with FIG. 3, the hypervisor 306 may call a function thatwhen performed by the guest operating system 308, may delete the keys336 stored in memory. Information corresponding to the function calledby the hypervisor, operations performed by the guest operating system,information indicating whether the operations performed were completedsuccessfully or any other information suitable for determining the keyshave not been exposed may be written to the log 514. The log 514 may besigned by the service provider, using the service provider private key.The log 514 may also be used to ensure data destruction, to be discussedin further detail below in connection to FIG. 10. The storage device 512may be used to store information about the virtual machine instance 506or serialized instance data. In various embodiments, the storage device512 contains data to be decrypted or encrypted by the hardware securitymodule 508 also referred to as a cryptographic key management module.

The hardware security module 508 may be a physical device connected in adata center operated by the service provider or the hardware securitymodule may be virtualized and executed as a service of the serviceprovider. The hardware security module 508 may securely store keys forone or more virtual machine instances 506 without sharing the keys withother instances or clients. In various embodiments, key managementtechniques are used by the hardware security module to manage encryptionkeys throughout the key lifecycle (generation, secure use, storage,escrow and destruction). For example, using key management techniques,the client 502 may effectively delete a large data set from the storagedevice 512 by submitting a request to the hardware security module 508to destroy the key used to encrypt the data set.

The hardware security module 508 may be logically separate from theother systems and services of the service provider to ensureconfidentiality and protection of the keys. In various embodiments, theclient 502 or the virtual machine instances 506 may store generated keysusing another system or service and store the generated keys securely inthe hardware security module 508. The keys stored in the hardwaresecurity module may only be accessed using valid credentials. Thehardware security module may validate the provided credentials using avariety of techniques and prevent access to keys by parties who have notbeen validated. In various embodiments, the hardware security module 508generates keys and performs encryption and decryption using the keyswithin the hardware security module without the keys ever leaving thehardware security module, enabling the hardware security module tocontrol, store and use the encryption keys without the keys beingcopied.

In various embodiments, data destruction is accomplished by destroyingkeys that are stored in the hardware security module and have never leftthe protected boundary of the hardware security module. The techniquesdescribed in the present disclosure are directed to key handling andpreventing persistent storage of plaintext keys, and any chain of keysthat may be encrypted by a master key stored in the hardware securitymodule, data destruction of large data sets can be accomplished simplyby destroying a single master key stored in the hardware securitymodule. Hardware security modules may prevent keys from leaving theprotected boundaries and may not be copied, enabling the master keystored in the hardware security module to be safely destroyed, therebydestroying the data encrypted by the master key.

The hardware security module may also be used to restore keys duringdeserialization of an instance. For example, the hypervisor may providethe hardware security module with credential information for a virtualmachine instance being launched from a snapshot. If the snapshot hasbeen encrypted by the hardware security module using a master key, thesnapshot may be decrypted before launching the instance. Furthermore, ifthe keys inside the memory of the instance have been deleted orencrypted before serialization, the hardware security module may restorethe instance keys as well. During serialization of instances, instancedata may be written to storage device 512 and the hardware securitymodule 508 may encrypt the entirety of the instance data or just aparticular area of the instance data. For example, as described above,if the instance stores all of the keying material in a particular areaof memory, the hardware security module may only encrypt that particulararea of the memory.

FIG. 6 shows an illustrative example of process 600 which may be used toprevent exposure of plaintext cryptographic keys. The process 600 may beperformed by any suitable system, such as by the device as described inconnection with FIG. 3 and/or an appropriate component thereof, such asby the hypervisor 306. Returning to FIG. 6, in an embodiment, theprocess 600 includes detecting a serialization event for a virtualmachine instance 602. For example, the hypervisor may detect that aserialization event, such as migration, has been initiated. Once aserialization of an instance is detected 602 a signal may be sent to theinstance, enabling the instance to perform one or more operations toprotect keys that may be stored in memory of the instance, such asimplementing a delete key function 604. The delete key function may beregistered with the hypervisor ahead of time such that once aserialization event is detected 602 the hypervisor may call the deletekey function, thereby signaling the instance to implement the functions.In various embodiments, if the instance does not register callbackfunctions, the hypervisor may proceed with a serialization event 606without calling an instance function. Other signaling methods may beused to send signals in accordance with the present disclosure. Forexample, the hypervisor may send a signal to the instance using aspecial network port, a hardware interrupt signal, a unique pattern ofinput on a virtualized hardware device (e.g., USB port), instancemetadata, exposing a uniform resource locator to the instance or anyother suitable method for signaling an instance. Once the signal isreceived, the instance may destroy keys stored in instance memory byimplementing the delete keys function. The hypervisor may use a graceperiod to allow the instance time to perform one or more operationsbefore serialization of the instance data 606. In other embodiments, theinstance may signal the hypervisor that the serialization of theinstance may proceed 606, the instance may use any of the signalingmethods as described above.

In various embodiments, the signal may include operations that whenperformed by the hypervisor, expose the one or more functions to theinstance that allow the instance to register the one or more functions.At least one of the functions of the one or more functions being calledjust before the instance is serialized and at least one other functionof the one or more functions being called just after the instance isserialized. The function may also be registered at some point in timebefore the serialization event is detected 602. At the time ofregistering these functions (also referred to as callback functions),the instance may also specify whether the hypervisor or some othersystem or service of the service provider should prevent the instancefrom being serialized in the event that the one or more of the functionstimes out or otherwise does not complete (e.g., block snapshot ormigration on failure of the delete keys functions), or if the hypervisorshould complete the serialization even if one or more of the functionsdo not complete. Returning to FIG. 6, process 600 may detect completionof the serialization event 608. For example, the hypervisor may receivenotification from one or more services of the service provider that animage of the instance has successfully been written to disk. Asdescribed above, process 600 may be modified to require a response fromthe instance, however the process 600 may proceed without a responsefrom the instance as a result of a grace period expiring. Uponcompletion of the one or more function calls executed beforeserialization, the response from the instance may be another functioncall indicating the delete keys function call was completedsuccessfully.

Information regarding the instance and whether to proceed withoutreceiving a response from the instance may be written to metadatacorresponding to the instance. At some point in time after thehypervisor has detected completion of the serialization events 608, thehypervisor may cause the virtual machine instance to implement one ormore functions to restore keys 610, such as restore keys function. Forexample, information regarding the instance registering the callbackfunctions may be stored as a new data item in the instance metadata sothat the hypervisor may check the metadata when restoring an instance toknow whether or not the hypervisor is responsible for calling one ormore functions to restore keys to the instance when reconstituting theinstance. Information written into the metadata may include informationabout registered functions, location of keys, memory location for one ormore keys, security module that manages the instance keys or otherinformation usable with the techniques described in the presentdisclosure. Functions may be called by the hypervisor or other system ofthe service provider but may be executed by the instance 610. Forexample, the hypervisor may call a function signaling to the instance todelete keys stored in memory before serialization, and the function maybe executed by the instance in order to protect the keys from exposureto the service provider. Information written into the metadata of theinstance may indicate operations to be performed by the hypervisor orsome other system in order to enable the instance to retrieve its keys.For example, an operation may be performed to restore an instance, thehypervisor may check the metadata to determine if the instancepreviously registered one or more functions with the hypervisor and ifthe one or more functions had been completed for the last serializationoperation. If the instance had registered one or more functions and theregistered functions were completed successfully, then the hypervisormay restore the instance and call any functions that may be registeredto execute before handing over control to the instance.

FIG. 7 shows an illustrative example of process 700 which may be used toprevent exposure of plaintext cryptographic keys. The process 700 may beperformed by any suitable system, such as by the device as described inconnection with FIG. 3 and/or an appropriate component thereof, such asby the hypervisor 306. Returning to FIG. 7, in an embodiment, theprocess 700 includes detecting a serialization event for a virtualmachine instance 702. Once the serialization event has been detected 702by the hypervisor, the hypervisor may the send a signal to the virtualmachine 704 for which the serialization event was detected. The signal704 may be sent using any of the signaling methods described above. Forexample, the signal 704 may be an interrupt sent by the hypervisorthrough a device driver of the instance. The hypervisor may thendetermine if a response from the instance is required 706. Thehypervisor may make the determination by checking the metadata of theinstance. If there is no information indicating that a response isrequired, the process 700 may wait for a timeout period 712 and thenproceed with serializing the virtual machine instance 708. The timeoutperiod 712 may enable the virtual machine to perform, prior toserialization, one or more operations to ensure that plaintextrepresentations of encryption keys stored in the virtual machine'smemory are not written to persistent storage when the instance isserialized 708.

If a response to the signal 704 is required, process 700 may wait for aresponse to be received 714. If a response is received 714, process 700may continue and serialize the virtual machine instance 708. If noresponse is received, process 700 may determine if a timeout period hasexpired 722. The timeout period may enable the virtual machine instanceto perform operations in order to protect cryptographic keys and returna response to the hypervisor. In various embodiments, the timeout periodmay be set by the hypervisor when the virtual machine instance registersthe delete keys function as described above. In numerous variations ofprocess 700, the instance may allow serialization 708 to proceed at theexpiration of the timeout period 722 regardless of the hypervisorreceiving a response 714. In other variations to process 700, checkingif a response has been received at step 714 may include an indicationthat the virtual machine instance was unable to perform one or moreoperations required to protect the cryptographic keys from being writtenpersistently to storage and the serialization event must be canceled720. Returning to FIG. 7, during the timeout period 722, if a responseis received 714 the hypervisor may permit the serialization event toproceed 708. If no response is received 714 during the timeout period722, the hypervisor may cancel the serialization event 720.

Once the virtual machine has been serialized 708, the instance may berelaunched. The hypervisor may, during restoration of the instance,check the instance metadata to determine if the keys for the instanceshould be restored 710 by the hypervisor. If the hypervisor isresponsible for restoring the keys to the instance, the hypervisor maycall the restore key function 716 before handing control over to theinstance. If the hypervisor is not responsible for restoring the keys tothe instance, the hypervisor may launch the instance and hand overcontrol to the instance 718 without calling the restore keys function.In this case, the instance itself may be responsible for restoring itsown keys.

FIG. 8 shows an illustrative example of process 800 which may be used toprevent exposure of plaintext cryptographic keys. The process 800 may beperformed by any suitable system, such as by the device as described inconnection with FIG. 3 and/or an appropriate component thereof, such asby the virtual machine 302. Returning to FIG. 8, in an embodiment, theprocess 800 includes transmitting encryption keys to a security module802, such as a hardware security module. The instance may transmit theencryption keys as a result of receiving a signal from the hypervisor asdescribed above. The security module may use a master key to wrap theencryption key. Wrapping the encryption key includes encrypting theplaintext version of the encryption key with another key. The instancemay then receive the wrapped encryption key from the security module804. The wrapped key may be stored in the memory of the instance and theinstance may then delete or otherwise destroy any plaintext copies ofthe encryption key that may still be in memory 806. The security modulein various embodiments, generates an audit log indicating that thereceived encryption keys have been securely encrypted and the log may besigned by the service provider, the customer, the instance or somecombination thereof using the entities' corresponding private key.

In various embodiments, the instance may signal the hypervisor that thekeys have been secured and allow the serialization of the instance tocontinue. After the serialization event the security module may receivethe wrapped key 808. The hypervisor may transmit the encrypted key tothe security module as an operation during restoration of the instance.In other embodiments, the instance may be responsible for restoring thekey and transmit the key to the security module 808. The security modulemay decrypt the encryption key and transmit the plaintext copy of theencryption key to the instance 810. The security module may generate alog of activities performed in unwrapping the encryption key andtransmitting it to the instance.

FIG. 9 shows an illustrative example of process 900 which may be used toprevent exposure of plaintext cryptographic keys. The process 900 may beperformed by any suitable system, such as by the device as described inconnection with FIG. 3 and/or an appropriate component thereof, such asby the virtual machine 302. Returning to FIG. 9, in an embodiment, theprocess 900 includes receiving a signal for a hypervisor indicating thata serialization event will occur 902. The signal may be any of thesignaling methods or function registrations as described above. Once thesignal has been received 902, the instance may delete all local copiesof the encryption keys 904 in order to prevent the keys from beingstored persistently or transmitted over a network in plaintext form. Invarious embodiments, other operations may be performed that produce asimilar result as deleting the encryption keys. For example, theinstance may have previously registered a function (e.g., the deletekeys function), the hypervisor may signal the instance 902 by callingthe previously registered function. The instance may then performoperations corresponding to the function called by the hypervisor. Forexample, the instance may request from a security module encryption ofone or more keys 904. Other techniques described in the presentdisclosure may be used to ensure that the plaintext keys are notexposed. For example, the instance may move the keys to the ephemeralarea of memory described above, so that the keys are not serializedduring execution of the serialization event. Determining the location ofthe ephemeral area of memory may be accomplished by coordinating thememory location with the hypervisor at some point during execution ofthe instance. In numerous variations of process 900, the instance mayignore the signal and allow serialization of the instance data withoutregard to keys that may be stored in memory.

The instance, once the operation has been performed 904, may signal aresponse 906 to the hypervisor or other system of the service providerindicating that operations to prevent exposure of plaintext keys 904have been completed and serialization may proceed. In variousembodiments, the response 906 may indicate that one or more operationsto protect the keys stored in memory have failed and serialization maynot proceed. The response 906 may also indicate that more time isrequired to complete operations to protect the keys stored in memory.The response to the hypervisor 906 may be transmitted using any of thesignaling methods as described above. For example, the instance may sendan interrupt to the hypervisor through a virtual device driver.

FIG. 10 shows an illustrative example of process 1000 which may be usedto delete or destroy data which has been encrypted with a cryptographickey. The process 1000 may be performed by any suitable system, such asby the device as described in connection with FIG. 3 and/or anappropriate component thereof, such as by the hypervisor 306. Returningto FIG. 10, in an embodiment, the process 1000 includes receiving anindication of data which is to be destroyed 1002. The indication may bereceived outside of the virtual machine instance, such as at thehypervisor responsible for managing the instance. For example, one ormore systems of the service provider may receive a request from acustomer and determine, based at least in part on the request, thehypervisor responsible for managing the virtual machine corresponding tothe data which is to be destroyed. The request may then be transmitteddirectly to the hypervisor responsible for the virtual machine instance,without providing the request to the virtual machine instance. Therequest may then be processed directly by the hypervisor without issuingcommands to the virtual machine instance. The indication may includeinformation corresponding to data encryption keys used to encrypt thedata, information corresponding to sensitive data or informationcorresponding to the cryptographic management module controlling thedata encryption keys. The indication may be generated by the customerinteracting directly with the hypervisor or through a managementconsole, as described above in reference to FIG. 5. In various otherembodiments, the indication of data to be deleted includes onlyinformation corresponding to the data encryption key which is to bedestroyed. Returning to FIG. 10, once an indication of the data to bedestroyed has been received, the process 1000 may continue and one ormore systems of the service provider, such as the cryptographic keymanagement module, may determine the one or more data encryption keysused to encrypt the data. For example, the cryptographic managementmodule may be queried to determine the data encryption keys used toencrypt data corresponding to the virtual machine requesting the data tobe destroyed.

Once the data encryption keys have been determined 1004, an audit logmay then be examined to determine that plaintext representations of thedata encryption keys have not been exposed. The audit log may be any loginformation such as the audit log 514 described above in connection withFIG. 5. The audit log may be traced by the virtual machine instancerequesting that the data be destroyed. The cryptographic managementmodule controlling the data encryption key, a service of the serviceprovider, the virtual machine instance or some other system suitable forparsing information from an audit log may perform a trace of the auditlog. In numerous variations of process 1000, if a trace of the audit logis unable to indicate conclusively that the cryptographic key has notbeen exposed during operation, a notification may be sent to thecustomer indicating that the cryptographic key may have been exposed.For example, the audit log may indicate that a serialization eventoccurred for a particular virtual machine without protecting thecryptographic keys contained in the virtual machine's memory and amessage may be sent to the customer indicating that the cryptographickeys may have been exposed during serialization. If a trace of the auditlog does not indicate that the encryption keys have not been exposed,the encrypted data may then be deleted directly using any of thetechniques described in the present disclosure, such as overwriting theencrypted data with other data.

Returning to FIG. 10, if it is determined that the encryption keys havenot been exposed 1006, the keys or other sensitive data may then beselectively deleted or otherwise destroyed 1008. The data may be deletedor otherwise destroyed 1008 by overwriting the keys with random data,non-random data, zeros, ones or other suitable information. For example,if an ephemeral area of memory is used, as described above, the guestoperating system may overwrite the memory area with random or non-randominformation thereby deleting the keys contained in the memory area. Thehypervisor or some other system of the service provider may cause thedata to be deleted directly from the memory of the virtual machineinstance. The hypervisor may also control the virtual machine instancein order to have the virtual machine instance delete the data. Forexample, the user through the management console may select data to bedeleted, one or more systems of the service provider may determine anencryption key used to encrypt the data and the hypervisor may deletethe encryption key from the memory of the virtual machine instanceassociated with the user. In various other embodiments, encryption keysstored in volatile memory may be destroyed by cutting the power to thevolatile memory. If the encryption keys are contained in a cryptographicsecurity module, the cryptographic security module may delete the key inaccordance with its inherent capabilities. Deleting the encryption keymay render the data encrypted with the particular encryption keysindecipherable.

FIG. 11 illustrates aspects of an example environment 1100 forimplementing aspects in accordance with various embodiments. As will beappreciated, although a web-based environment is used for purposes ofexplanation, different environments may be used, as appropriate, toimplement various embodiments. The environment includes an electronicclient device 1102, which can include any appropriate device operable tosend and receive requests, messages or information over an appropriatenetwork 1104 and convey information back to a user of the device.Examples of such client devices include personal computers, cell phones,handheld messaging devices, laptop computers, tablet computers, set-topboxes, personal data assistants, embedded computer systems, electronicbook readers and the like. The network can include any appropriatenetwork, including an intranet, the Internet, a cellular network, alocal area network or any other such network or combination thereof.Components used for such a system can depend at least in part upon thetype of network and/or environment selected. Protocols and componentsfor communicating via such a network are well known and will not bediscussed herein in detail. Communication over the network can beenabled by wired or wireless connections and combinations thereof. Inthis example, the network includes the Internet, as the environmentincludes a web server 1106 for receiving requests and serving content inresponse thereto, although for other networks an alternative deviceserving a similar purpose could be used as would be apparent to one ofordinary skill in the art.

The illustrative environment includes at least one application server1108 and a data store 1110. It should be understood that there can beseveral application servers, layers or other elements, processes orcomponents, which may be chained or otherwise configured, which caninteract to perform tasks such as obtaining data from an appropriatedata store. Servers, as used herein, may be implemented in various ways,such as hardware devices or virtual computer systems. In some contexts,servers may refer to a programming module being executed on a computersystem. As used herein the term “data store” refers to any device orcombination of devices capable of storing, accessing and retrievingdata, which may include any combination and number of data servers,databases, data storage devices and data storage media, in any standard,distributed or clustered environment. The application server can includeany appropriate hardware and software for integrating with the datastore as needed to execute aspects of one or more applications for theclient device, handling some (even a majority) of the data access andbusiness logic for an application. The application server may provideaccess control services in cooperation with the data store and is ableto generate content such as text, graphics, audio and/or video to betransferred to the user, which may be served to the user by the webserver in the form of HyperText Markup Language (“HTML”), ExtensibleMarkup Language (“XML”) or another appropriate structured language inthis example. The handling of all requests and responses, as well as thedelivery of content between the client device 1102 and the applicationserver 1108, can be handled by the web server. It should be understoodthat the web and application servers are not required and are merelyexample components, as structured code discussed herein can be executedon any appropriate device or host machine as discussed elsewhere herein.Further, operations described herein as being performed by a singledevice may, unless otherwise clear from context, be performedcollectively by multiple devices, which may form a distributed system.

The data store 1110 can include several separate data tables, databasesor other data storage mechanisms and media for storing data relating toa particular aspect of the present disclosure. For example, the datastore illustrated may include mechanisms for storing production data1112 and user information 1116, which can be used to serve content forthe production side. The data store also is shown to include a mechanismfor storing log data 1114, which can be used for reporting, analysis orother such purposes. It should be understood that there can be manyother aspects that may need to be stored in the data store, such as pageimage information and access rights information, which can be stored inany of the above listed mechanisms as appropriate or in additionalmechanisms in the data store 1110. The data store 1110 is operable,through logic associated therewith, to receive instructions from theapplication server 1108 and obtain, update or otherwise process data inresponse thereto. In one example, a user, through a device operated bythe user, might submit a search request for a certain type of item. Inthis case, the data store might access the user information to verifythe identity of the user and can access the catalog detail informationto obtain information about items of that type. The information then canbe returned to the user, such as in a results listing on a web page thatthe user is able to view via a browser on the user device 1102.Information for a particular item of interest can be viewed in adedicated page or window of the browser. It should be noted, however,that embodiments of the present disclosure are not necessarily limitedto the context of web pages, but may be more generally applicable toprocessing requests in general, where the requests are not necessarilyrequests for content.

Each server typically will include an operating system that providesexecutable program instructions for the general administration andoperation of that server and typically will include a computer-readablestorage medium (e.g., a hard disk, RAM, ROM, etc.) storing instructionsthat, when executed by a processor of the server, allow the server toperform its intended functions. Suitable implementations for theoperating system and general functionality of the servers are known orcommercially available and are readily implemented by persons havingordinary skill in the art, particularly in light of the disclosureherein.

The environment in one embodiment is a distributed computing environmentutilizing several computer systems and components that areinterconnected via communication links, using one or more computernetworks or direct connections. However, it will be appreciated by thoseof ordinary skill in the art that such a system could operate equallywell in a system having fewer or a greater number of components than areillustrated in FIG. 11. Thus, the depiction of the system 1100 in FIG.11 should be taken as being illustrative in nature and not limiting tothe scope of the disclosure.

The various embodiments further can be implemented in a wide variety ofoperating environments, which in some cases can include one or more usercomputers, computing devices or processing devices which can be used tooperate any of a number of applications. User or client devices caninclude any of a number of general purpose personal computers, such asdesktop, laptop or tablet computers running a standard operating system,as well as cellular, wireless and handheld devices running mobilesoftware and capable of supporting a number of networking and messagingprotocols. Such a system also can include a number of workstationsrunning any of a variety of commercially-available operating systems andother known applications for purposes such as development and databasemanagement. These devices also can include other electronic devices,such as dummy terminals, thin-clients, gaming systems and other devicescapable of communicating via a network.

Various embodiments of the present disclosure utilize at least onenetwork that would be familiar to those skilled in the art forsupporting communications using any of a variety ofcommercially-available protocols, such as Transmission ControlProtocol/Internet Protocol (“TCP/IP”), protocols operating in variouslayers of the Open System Interconnection (“OSI”) model, File TransferProtocol (“FTP”), Universal Plug and Play (“UpnP”), Network File System(“NFS”), Common Internet File System (“CIFS”), and AppleTalk. Thenetwork can be, for example, a local area network, a wide-area network,a virtual private network, the Internet, an intranet, an extranet, apublic switched telephone network, an infrared network, a wirelessnetwork and any combination thereof.

In embodiments utilizing a web server, the web server can run any of avariety of server or mid-tier applications, including Hypertext TransferProtocol (“HTTP”) servers, FTP servers, Common Gateway Interface (“CGI”)servers, data servers, Java servers, and business application servers.The server(s) also may be capable of executing programs or scripts inresponse to requests from user devices, such as by executing one or moreweb applications that may be implemented as one or more scripts orprograms written in any programming language, such as Java®, C, C # orC++, or any scripting language, such as Perl, Python or TCL, as well ascombinations thereof. The server(s) may also include database servers,including without limitation those commercially available from Oracle®,Microsoft®, Sybase®, and IBM®.

The environment can include a variety of data stores and other memoryand storage media as discussed above. These can reside in a variety oflocations, such as on a storage medium local to (and/or resident in) oneor more of the computers or remote from any or all of the computersacross the network. In a particular set of embodiments, the informationmay reside in a storage-area network (“SAN”) familiar to those skilledin the art. Similarly, any necessary files for performing the functionsattributed to the computers, servers or other network devices may bestored locally and/or remotely, as appropriate. Where a system includescomputerized devices, each such device can include hardware elementsthat may be electrically coupled via a bus, the elements including, forexample, at least one central processing unit (“CPU” or “processor”), atleast one input device (e.g., a mouse, keyboard, controller, touchscreen or keypad) and at least one output device (e.g., a displaydevice, printer or speaker). Such a system may also include one or morestorage devices, such as disk drives, optical storage devices andsolid-state storage devices such as RAM” or ROM, as well as removablemedia devices, memory cards, flash cards, etc.

Such devices also can include a computer-readable storage media reader,a communications device (e.g., a modem, a network card (wireless orwired), an infrared communication device, etc.) and working memory asdescribed above. The computer-readable storage media reader can beconnected with, or configured to receive, a computer-readable storagemedium, representing remote, local, fixed and/or removable storagedevices as well as storage media for temporarily and/or more permanentlycontaining, storing, transmitting and retrieving computer-readableinformation. The system and various devices also typically will includea number of software applications, modules, services or other elementslocated within at least one working memory device, including anoperating system and application programs, such as a client applicationor web browser. It should be appreciated that alternate embodiments mayhave numerous variations from that described above. For example,customized hardware might also be used and/or particular elements mightbe implemented in hardware, software (including portable software, suchas applets) or both. Further, connection to other computing devices suchas network input/output devices may be employed.

Storage media and computer readable media for containing code, orportions of code, can include any appropriate media known or used in theart, including storage media and communication media, such as, but notlimited to, volatile and non-volatile, removable and non-removable mediaimplemented in any method or technology for storage and/or transmissionof information such as computer-readable instructions, data structures,program modules or other data, including RAM, ROM, Electrically ErasableProgrammable Read-Only Memory (“EEPROM”), flash memory or other memorytechnology, Compact Disc Read-Only Memory (“CD-ROM”), digital versatiledisk (DVD) or other optical storage, magnetic cassettes, magnetic tape,magnetic disk storage or other magnetic storage devices or any othermedium which can be used to store the desired information and which canbe accessed by the system device. Based on the disclosure and teachingsprovided herein, a person of ordinary skill in the art will appreciateother ways and/or methods to implement the various embodiments.

The specification and drawings are, accordingly, to be regarded in anillustrative rather than a restrictive sense. It will, however, beevident that various modifications and changes may be made thereuntowithout departing from the broader spirit and scope of the invention asset forth in the claims.

Other variations are within the spirit of the present disclosure. Thus,while the disclosed techniques are susceptible to various modificationsand alternative constructions, certain illustrated embodiments thereofare shown in the drawings and have been described above in detail. Itshould be understood, however, that there is no intention to limit theinvention to the specific form or forms disclosed, but on the contrary,the intention is to cover all modifications, alternative constructionsand equivalents falling within the spirit and scope of the invention, asdefined in the appended claims.

The use of the terms “a” and “an” and “the” and similar referents in thecontext of describing the disclosed embodiments (especially in thecontext of the following claims) are to be construed to cover both thesingular and the plural, unless otherwise indicated herein or clearlycontradicted by context. The terms “comprising,” “having,” “including”and “containing” are to be construed as open-ended terms (i.e., meaning“including, but not limited to,”) unless otherwise noted. The term“connected,” when unmodified and referring to physical connections, isto be construed as partly or wholly contained within, attached to orjoined together, even if there is something intervening. Recitation ofranges of values herein are merely intended to serve as a shorthandmethod of referring individually to each separate value falling withinthe range, unless otherwise indicated herein and each separate value isincorporated into the specification as if it were individually recitedherein. The use of the term “set” (e.g., “a set of items”) or “subset”unless otherwise noted or contradicted by context, is to be construed asa nonempty collection comprising one or more members. Further, unlessotherwise noted or contradicted by context, the term “subset” of acorresponding set does not necessarily denote a proper subset of thecorresponding set, but the subset and the corresponding set may beequal.

Conjunctive language, such as phrases of the form “at least one of A, B,and C,” or “at least one of A, B and C,” unless specifically statedotherwise or otherwise clearly contradicted by context, is otherwiseunderstood with the context as used in general to present that an item,term, etc., may be either A or B or C, or any nonempty subset of the setof A and B and C. For instance, in the illustrative example of a sethaving three members used in the above conjunctive phrase, “at least oneof A, B, and C” and “at least one of A, B and C” refers to any of thefollowing sets: {A}, {B}, {C}, {A, B}, {A, C}, {B, C}, {A, B, C}. Thus,such conjunctive language is not generally intended to imply thatcertain embodiments require at least one of A, at least one of B and atleast one of C to each be present.

Operations of processes described herein can be performed in anysuitable order unless otherwise indicated herein or otherwise clearlycontradicted by context. Processes described herein (or variationsand/or combinations thereof) may be performed under the control of oneor more computer systems configured with executable instructions and maybe implemented as code (e.g., executable instructions, one or morecomputer programs or one or more applications) executing collectively onone or more processors, by hardware or combinations thereof. The codemay be stored on a computer-readable storage medium, for example, in theform of a computer program comprising a plurality of instructionsexecutable by one or more processors. The computer-readable storagemedium may be non-transitory.

The use of any and all examples, or exemplary language (e.g., “such as”)provided herein, is intended merely to better illuminate embodiments ofthe invention and does not pose a limitation on the scope of theinvention unless otherwise claimed. No language in the specificationshould be construed as indicating any non-claimed element as essentialto the practice of the invention.

Preferred embodiments of this disclosure are described herein, includingthe best mode known to the inventors for carrying out the invention.Variations of those preferred embodiments may become apparent to thoseof ordinary skill in the art upon reading the foregoing description. Theinventors expect skilled artisans to employ such variations asappropriate and the inventors intend for embodiments of the presentdisclosure to be practiced otherwise than as specifically describedherein. Accordingly, the scope of the present disclosure includes allmodifications and equivalents of the subject matter recited in theclaims appended hereto as permitted by applicable law. Moreover, anycombination of the above-described elements in all possible variationsthereof is encompassed by the scope of the present disclosure unlessotherwise indicated herein or otherwise clearly contradicted by context.

All references, including publications, patent applications and patents,cited herein are hereby incorporated by reference to the same extent asif each reference were individually and specifically indicated to beincorporated by reference and were set forth in its entirety herein.

What is claimed is:
 1. A computer-implemented method, comprising:providing a virtual machine instance with access to a cryptographic key;storing information that indicates that the cryptographic key has beenprevented from being accessible from outside of the virtual machineinstance, wherein the information comprises a condition that indicatesthe cryptographic key is precluded from being persistently stored in alocation outside of the virtual machine instance; and making data thathas been encrypted using the cryptographic key inaccessible, during aserialization operation, by at least: processing a request to delete thedata, under the control of a virtual machine manager associated with thevirtual machine instance, by at least verifying the information; anddeleting, by the virtual machine manager, the cryptographic key.
 2. Thecomputer-implemented method of claim 1, wherein deleting thecryptographic key further comprises causing, by the virtual machinemanager, the cryptographic key to be removed from a location of a memoryof the virtual machine instance.
 3. The computer-implemented method ofclaim 1, wherein making data that has been encrypted using thecryptographic key inaccessible further comprises obtaining theinformation from storage.
 4. The computer-implemented method of claim 1,wherein the information indicates that the cryptographic key has notbeen obtained by a computing resource outside of the virtual machineinstance.
 5. The computer-implemented method of claim 1, wherein makingdata inaccessible is done without, for at least an amount of time,deleting the data.
 6. The computer-implemented method of claim 1,further comprising deleting the cryptographic key based at least in parton a set of conditions indicated as satisfied by the information.
 7. Asystem, comprising: one or more processors; and memory that storescomputer-executable instructions that, as a result of being executed bythe one or more processors, cause the system to: provide a computersystem instance with access to a cryptographic key; maintain informationthat indicates whether the cryptographic key has been exposed outside ofthe computer system; and render plain text versions of data encryptedwith the cryptographic key inaccessible, during one or moreserialization operations, by at least, using a virtual machine managerassociated with the computer system instance to delete the cryptographickey based at least in part on a verification of the information, whereinthe information comprises a condition that indicates the cryptographickey is prevented from being persistently stored in a location outside ofthe computer system instance.
 8. The system of claim 7, wherein memoryfurther includes computer-executable instructions that, as a result ofbeing executed by the one or more processors, cause the system to:detect an operation performed by the computer system instance using thecryptographic key; and update the information associated with usage ofthe cryptographic key.
 9. The system of claim 7, wherein the informationassociated with usage of the cryptographic key includes an audit log.10. The system of claim 7, wherein the computer-executable instructionsthat render plain text versions of data encrypted with the cryptographickey inaccessible further comprise computer-executable instructions that,as a result of being executed by the one or more processors, cause thesystem to transmit a request to delete the cryptographic key to acryptographic key management module.
 11. The system of claim 7, whereinthe information associated with usage of the cryptographic key indicatesthat the cryptographic key has not been persistently stored during theone or more serialization operations.
 12. The system of claim 7, whereindeleting the cryptographic key based at least in part on the informationfurther comprises determining that a set of conditions on thecryptographic key has not been violated.
 13. A non-transitorycomputer-readable storage medium comprising stored thereon executableinstructions that, as a result of being executed by one or moreprocessors of a computer system, cause the computer system to at least:provision a computer instance with a key to encrypt data; storeinformation that indicates that the key has been prevented from beingaccessible from outside of the computer instance during serializationoperations; obtain a request to delete data encrypted with the key; andfulfil the request by at least: processing the request, under thecontrol of a virtual machine manager associated with the computerinstance, by at least determining that a set of conditions on the keyhas not been violated based at least in part on the information, whereinthe set of conditions comprises a first condition that indicates the keyis precluded from being persistently stored in a location outside of thecomputer instance; and causing, by the virtual machine manager, the keyto be deleted.
 14. The non-transitory computer-readable storage mediumof claim 13, wherein the instructions further comprise instructionsthat, as a result of being executed by the one or more processors, causethe computer system to: detect an encryption operation performed by thecomputer instance; and update the information based at least in part onthe encryption operation.
 15. The non-transitory computer-readablestorage medium of claim 13, wherein the instructions that cause thecomputer system to determine that the set of conditions on the key hasnot been violated further include instructions that cause the computersystem to trace an audit log to obtain the information.
 16. Thenon-transitory computer-readable storage medium of claim 13, wherein theinstructions that cause the computer system to cause the key to bedeleted further include instructions that cause the computer system to,for an interval of time, cause the key to be deleted without deletingthe data encrypted with the key.
 17. The non-transitorycomputer-readable storage medium of claim 16, wherein the informationassociated with the key indicates that the key has not been persistedduring serialization operations.
 18. The non-transitorycomputer-readable storage medium of claim 17, wherein a condition of theset of conditions on the key indicates that the key is not to bepersisted during serialization operations.
 19. The non-transitorycomputer-readable storage medium of claim 13, wherein a condition of theset of conditions on the key indicates that the key is to be encryptedwith a second key.